I need to use old version of apk and i wonder if there is a way to change respond from website that is hardcoded into app. App connect with some website and there is path with websiteurl/update/project.manifest/ It is simple plain text which contains some strings and app compare response with installed files.
JSON file contain string "Version_id: 12.5.3" which is newest app version. I need to spoof version to match old apk before update as app lost important function and devs removed functions for export data. I tried to manual edit response with http toolkit but it doesnt come as response it is downloaded right from url and compared with installed version. Hope somone have some idea, I tried editing apk so it shows as newer version but app check hash and closes with error.
Try edit external website plaintext, any MITM way. Modified response json match old apk version and allow to use without update.
Related
I have a android application hosted separately(not on Play Store), for updating app i have to download complete apk and then install even for small changes and bug fixes.
Is there any way to implement differential update mechanism in my app similar to Google play Store(Smart Update Mechanism)
If your questions is "is there an API that does this all for me?", then the answer is no.
If however you are asking, "What design do I need to implement to do this?", then in outline you need to:
send info from the client, so that it identifies which version is currently installed
send the delta between the currently installed version and the new down to the client (in whatever format you deem appropriate - you could just use the output of bsdiff for example which is a version of diff that handles binary files)
read the currently installed apk as a simple binary file, and apply the delta to produce a new binary apk file in a temporary location
install the new apk from the temporary location
clean up the temporary location
It's easy to see how this all works smoothly for the Google Play app's case, where the app executing this code is not the app that is being updated. However it can be got to work for updating yourself - after all Google Play also has the need to update itself!
The concept that you need to know is "Delta Update":
https://en.wikipedia.org/wiki/Delta_update
You must calculate the differences between new and old APK files and generate a Patch file in server-side:
https://en.wikipedia.org/wiki/Diff_utility
https://www.w3.org/TR/NOTE-gdiff-19970901
https://www.chromium.org/developers/design-documents/software-updates-courgette
Then download the patch file in Android client and merge it with the old APK to generate the new one.
Install the new APK...
As far as I know, even when you update an app from the Google Play Store, you are downloading a complete APK, even if the update is just to change a single string in your app.
However, I can think of a way (that I have not tried) to update an app differentially. It will be require a server (from which your app will download the new data/update). You will have to write a code in your app that processes the update from the server and replaces the specified resources (values, strings, links, etc) in your app. You won't be able to change the app logic or semantics, but at least the data can be changed.
In conclusion, I think Angry Birds Transformers does something like this (as it keeps telling me it is downloading new data from the servers). But Subway Surfers require you to download a new APK from Play Store in order to get the new resources for every city their tour visits.
When I built an APK file using cordova build, it bundles all the HTML/JS/CSS3 static files into the APK file in simple plain/text format. This way anyone will be able to easily use this code and create copy of my app. Is there any way to encrypt these files?
There is no 100% foolproof way for this, I could think of a solution where you will need a web server running a script for authenticating and then providing the core Javascript or a URL for the same in response. And you could save it locally for future use.
To keep the access restricted to your application, you will have to get the app's package name and then only provide the response. This post should help you to get your package's name.
In addition, you could add some logic on your server as well as your Javascript where you will generate a random unique string based on the timespan and add it to authentication process' parameters. And obfuscating all of your packaged JS in the apk will make it difficult for anyone to get your whole logic.
I have an android app that feeds on an xml file that is generated in my server with Ruby on Rails.
I want to download the new version of the xml file only when the it is newer than the one I have previously downloaded.
I would like to know what is the best way to do this in both sides: generate the version of the xml somehow somewhere in the server and obtain the version of the file using android.
Right now I am downloading an xml with the last day of modification of the xml I want to download an in that way compare it with the one I have locally, but I don't think this way is very efficient. Can you suggest any other way to do it?
Thanks in advance
instead of pre-generating the XML file and then downloading it you can generate it upon HTTP GET request, from the Android app you can pass a parameter in the URL that represents a version or the last update time.
then your server can check by this parameter if a new version should be generated.
We have an IBM Maximo system that has BIRT reports built in. We are also in the process of writing an Andriod app that needs to be able to run a report (on the server) and get the PDF version back into the app (or at bare minimum, the HTML version of the report). Is there any built-in functionality for this with BIRT or Maximo??
My team have something similar, but we scrapped the idea of using the .rptdesign files stored on the maximo server, and solved it by setting up the BIRT runtime: (Download here).
If you have direct access to the DB you can setup the runtime with the report(s) you need and play around with the parameters.
Say that one have a report called "report1" stored on "localhost:8080" and the report contained 2 parameters called "StartDate" and "EndDate" this is how one would do it:
Instead of using the standard URL with the frameset servlet mapping: "localhost:8080/birt/frameset?__report=report1.rptdesign" and let the user run the report them self, change the servlet mapping to run.
To just run the report, without getting the parameter dialog to provide values for the two parameters, one just have to parse the parameters to the end of the URL - &StartDate=2011-01-01&EndDate=2011-01-02.
To download the file in PDF format append the viewer command option "__format=PDF" to the end of the URL.
So the end result will look like this:
localhost:8080/birt/run?_report=report1.rptdesign&StartDate=2011-01-01&EndDate=2011-01-02&_format=PDF
This will download the file in PDF format without any interactions to the actual BIRT runtime.
Hope this gives you some ideas anyways, I know it's not an optimal solution. But at least it's something.
We've been asked to create a thin web client on Android for a company with an existing web site, existing users.
They want to send an mms to their users, giving each user their own download URL. This URL will point to an Android apk file that has been created specifically for that user - it will include that user's login, and password, to the website.
i.e. the APK file would have embedded login details.
This would be done in J2ME by storing info in the JDK file.
I can see a simlar question on How to update resources file in apk - but not fully answered.
So:
is there a way to store an "asset" in the apk file that will be a text file, and easily editable by unzipping, editing, rezipping the apk file? (looks like answer is no)
do you know of any similar problems, or have worked on similar apps?
is there advice on how best to accomplish this application? Any sort of embedding of customer info on an automated level would be of interest...
would the best option be to set the app to build with an Ant script, and have the client actually customize the source code and build a new app per user? (this has the con that the client gets the source code, which we'd rather not have)
I have scanned apk tagged questions and can't seem to find a solution to this.
Many thanks,
Richard
I guess you could put it into the apk (or replace a dummy file there) if you use the assets folder for it.
You can obtain the data by filename instead resource-id quite easy:
getResources().getAssets().open(fileName)
Regards,
Oliver
If it absolutely has to be that way, consider distributing two APKs, one with the application and the other containing a file with the handset-specific information. Sign them both with the same key, arrange for them to share a UID and the application will be able to read the file as if it were its own.
The rest of this probably belongs in a comment and not this answer, but I see lots of problems with what you're being asked to do:
The standard behavior for just about every other application out there is to ask for a login and password once when needed and then remember it.
If the user changes his password on your customer's web site, he has to get a new APK for his device instead of just having to reauthenticate.
Any changes to the application will require generation and installation of a new APK for each user.
All it would take is some unwitting user sharing his unique APK with someone else and your whole security model goes right down the tubes.
Less relevant, but still important: If your customer is able to reconstitute a plaintext password from what they have stored, I question their security scheme.